One of the most pressing issues that has evolved as a result of high technology concerns the various attempts which have been made to protect a programmer's investment in the fruits of his or her labor. Both technical and legal approaches have been tried, but the fact that "software piracy" remains a major problem speaks well to the reality that all attempts to date have been less than totally successful.
There has been a great deal of effort expended in attempts to prevent the making of unauthorized copies of software. While some of these attempts have been more successful than others, most such schemes are defeated soon after they are announced. Furthermore, schemes which make it considerably more difficult to use the software often have the net effect of discouraging legitimate purchasers, thus making it a better business decision to risk piracy by foregoing any form of copy protection. Obviously the more valuable the program, the more incentive there is to expend time and money in an illegitimate effort to copy it, and the greater is the incentive to create a "pirate-proof" protection scheme.
Some recent efforts at software protection have been directed at a hardware solution to the problem. A general system of operation utilized within hardware security devices is to have encrypted therein a code or identifier which is needed to interact with a protected program in order for that program to function. For example, one variation of this general theme is to have a code number within the hardware device which must be decrypted and identified by the software. Another variation is to have decryption information within the hardware device which must be used either to identify the software or to, in fact, decode all or part of it prior to usage. More complicated variations include multi-level encryption such as, for example, having software which must be decrypted using an encryption table found within the hardware and then further decrypted within the software itself. Of course, numerous other variations on this general scheme are possible, and many of them have been used with varying degrees of success.
U.S. Pat. No. 4,683,968, issued to Appelbaum et al., teaches a hardware device and method for using same which uses a triple encryption scheme in which part of the decryption code resides in the software and part resides in the hardware. In an alternative version, decryption is made even more difficult by scattering the software portion of the code throughout the program and the like. While this method undoubtedly makes unauthorized use of the software extremely difficult, and in fact financially unfeasible in many instances, it is not immune to the efforts of pirates. Code residing within the Appelbaum device can be discovered if the device can be successfully opened. Although Appelbaum correctly suggests that the device can be made such that it is extremely difficult to open without destroying the code, no suggestion is made that this is impossible. Furthermore, as for the effect of making the portion of the decrypting scheme which resides in software very difficult to decode, while the difficulty is undeniable, no suggestion is made that it is impossible.
Yet another hardware device and an associated method which have been developed for the subject purpose are taught in U.S. Pat. No. 4,683,553 issued to Mollier. This method renders the protected programs non-executable in the state in which they are delivered to users, and utilizes a hardware key which must be employed in order to read the program into a computer's primary storage memory in an executable form. This method also is quite effective to make the copying of programs economically unfeasible as to many software programs. However, the Mollier method does rely upon a look up table which resides within the hardware portion, which table can be read and duplicated by one with sufficient financial incentive. Therefore, it would be entirely possible for an unscrupulous person to duplicate this hardware key, and thus to produce multiple executable copies of the program.
A simple device which is, in some ways, similar to the Mollier invention, is marketed by ProTech.sup..about. marketing, Inc. of 9600-J Southern Pine Boulevard, Charlotte, N.C. The ProTech.sup..about. device is constructed so as to fit on a standard computer RS-232 serial communications port, and further so that some external device or devices (such as, for instance, a serial printer and/or a modem) can be connected to the ProTech.sup..about. device. An object of the ProTech.sup..about. device is to allow the external device connected to it (in this instance, the serial printer or the modem) to communicate with the subject computer in a normal manner, while still providing a means for that computer to access the device itself. The ProTech.sup..about. device contains an apparatus which is referred to by the manufacturers as a microprocessor. The nature of this apparatus is that it contains "look up tables" in a memory which can be accessed to ensure that the device is in place. If the program in question does not detect that the device is in place, then the program will not run. The fact that the ProTech.sup..about. device is relatively inexpensive to manufacture undoubtedly makes it a viable economic choice in many instances.
Yet another example of the prior art is the Activator.sup..about. manufactured by Software Security.sup..about. of 1011 High Ridge Road, Stamford, Conn. This device is also adapted to fit on a computer communications port. It employs an application specific integrated circuit (ASIC) to perform in much the same manner as the ProTech.sup..about. device. Although it would be very difficult to decode key information encoded and stored within the Activator.sup..about. device, as with the ProTech.sup..about. device, a sufficiently motivated thief could duplicate the Activator.sup..about. device, along with the encoded information therein, without necessarily understanding the meaning of that encoded information. Unfortunately, this would be sufficient to result in a working copy of the original device.
The utility of security devices which utilize simple look up tables or ASICs is well known. Such devices are cost effective and function to protect low cost software quite adequately. However, such devices are not intended for those applications wherein it is economically feasible for a software thief to expend a substantial amount of time and money in an effort to defeat a software protection system. It is really a very simple and inexpensive matter for one skilled in the art to "read" the encoded data in the memory of such devices and to duplicate it or, in the case of ASIC based devices, to duplicate the device itself. It is important to note that it is not even necessary that such a person understand the encoded data in order to duplicate it.
A feature which has been considered for application to hardware key devices has been the inclusion of a means for controlling the amount of time during which a user has access to the subject software. In many cases, a temporary license is granted for the use of software, or some other time contingent arrangement is made. However, once an owner has turned over all of the software and hardware necessary to operate a program, the matter is really out of his or her control. Some devices have attempted to use system clocks to determine the amount of usage to which the program is subject, or to stop usage of the program after a predetermined time. However, the system clock is within the control of the user, and avoidance of this attempted protection is easy.
All of the prior art software protection devices within the inventors' knowledge have offered less than an ideal solution to the problem. Many have been difficult to install and have required connection to external power sources to operate. Alternatively, those which have been easier to install and/or have not required external power have been relatively easy to duplicate by unscrupulous persons. Furthermore, none of the prior art software protection devices within the inventors' knowledge have provided an adequate means for controlling access to software within a predetermined time frame.
While several prior art devices have made life difficult for software pirates, no prior art software protection device to the inventor's knowledge has successfully employed a scheme in which the necessary security device cannot be duplicated using known methods.
All successful applications to date have utilized some variation of a look up table for decryption of data, which look up table is encoded in some form of memory which can be accessed and duplicated using known technology.